On Wed, 20 Mar 2002, Burke, Thomas G. wrote:
>I've had the same problem, so's I'm really interested in the answers here...
>
>-----Original Message-----
>From: Maynard B. Fernando [mailto:[EMAIL PROTECTED]]
>Sent: Tuesday, March 19, 2002 5:13 AM
>To: [EMAIL PROTECTED]
>Subject: .htaccess/.passwd
>
>
>to all,
>
>i want to restrict a certain directory and have already these files
>(.htaccess/.htpasswd) but it seems that it failed to take place. what else
>should i do to make this thing possible? im pretty sure that the contents of
>these files are all correct...
>
>please help me guys!? :-)
Running `rpm -q apache` gives me "apache-1.3.19-5", which shouldn't really
matter.
I'm using a really basic .htaccess/.htpasswd setup. I've got the following
in my /etc/httpd/conf/httpd.conf file:
# This controls which options the .htaccess files in directories can
# override. Can also be "All", or any combination of "Options", "FileInfo",
# "AuthConfig", and "Limit"
#
#default: AllowOverride None
AllowOverride AuthConfig
#
# AccessFileName: The name of the file to look for in each directory
# for access control information.
#
#The following line is the default:
AccessFileName .htaccess
#
# The following lines prevent .htaccess files from being viewed by
# Web clients. Since .htaccess files often contain authorization
# information, access is disallowed for security reasons. Comment
# these lines out if you want Web visitors to see the contents of
# .htaccess files. If you change the AccessFileName directive above,
# be sure to make the corresponding changes here.
#
# Also, folks tend to use names such as .htpasswd for password
# files, so this will protect those as well.
#
#The following four lines comprise the default:
<Files ~ "^\.ht">
Order allow,deny
Deny from all
</Files>
#This is the last sample segment from my httpd.conf file.
Here's an example .htaccess file,
#begin
AuthType Basic
AuthName "Instructional Resources"
AuthUserFile /var/www/html-passwds/private-passwd
Require user someuser
#end
That third segment of my httpd.conf prevents my .htaccess and .htpasswd
files from being viewed by web clients, but I set the AuthUserFile variable
in my .htaccess file just to be redundant/paranoid. The filename
"private-passwd" is just my own naming convention, and is a reminder that
it's the passwd file controling access to a directory named "private"/ the
URL ( http://127.0.0.1/private/ ).
HTH.
D.
_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
